The protection of your privacy when processing personal data is important to us.
Our employees are subject to the non-disclosure obligations of the applicable data protection regulations.
We use the data provided by you to perform and process your order. For contractual performance we pass on your data to the shipping company instructed to carry out delivery if this is necessary for the delivery of the goods ordered. For the processing of payments we pass on the payment data required for this to the bank instructed to make the payment and any payment services providers instructed to act for us or to the payment service selected by you during the order process. In the case of a job application we use your data in the process of employee selection.
1. IDENTITY AND CONTACT DETAILS OF THE CONTROLLER AND THE DATA PROTECTION OFFICER
Bayerische Glaswerke GmbH
92660 Neustadt a.d. Waldnaab
Tel.: +49 (0)9602 30 0
All potential customers and visitors to our website can contact our data protection officer as follows:
Mr Christian Volkmer
Projekt 29 GmbH & Co. KG
Tel.: +43 941 2986930
Fax: +43 941 29869316
2. COLLECTION AND STORAGE OF PERSONAL DATA AND TYPE AND PURPOSE OF THEIR USE
a. When visiting the website
When you access the website www.shop-spiegelau.de data are automatically sent to our website’s server by the browser used on your end device. This information is stored temporarily in what is called a log file. The following information is collected during this process without any action on your part and stored until it manually deleted in accordance with applicable data protection regulations:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the requested file,
- website from which access is obtained (Referrer URL),
- browser used and, where applicable, the your computer’s operating system and the identity of your access provider.
The specified data are processed by us for the following purposes:
- ensuring that the website can establish a connection smoothly,
- ensuring that our website is easy to use,
- analysis of system security and stability, as well as
- for additional administrative purposes.
The legal basis for the data processing is point (f) of Article 6 paragraph 1 sentence 1 of the General Data Protection Regulation (GDPR). Our legitimate interest is based on the data collection purposes listed above. We do not on any account use the data collected for the purpose of identifying you.
b. When using our contact form
For questions of any kind we offer you the possibility to contact us via a contact form provided on the website. A valid e-mail address is required for this so that we know who the inquiry is coming from and can respond to it. Additional information can be provided on a voluntary basis.
To the extent that your inquiry is for a contract to which you are a party or relates to the performance of pre-contractual measures, data will be processed according to Art. 6 Paragraph 1 lit. b of DSGVO. For all other inquiries, data will be processed for the purpose of establishing contact on the basis of a weighing of interests (Art. 6 Paragraph 1 lit f of DSGVO. In this case, our justified interest is in handling your matter.
We store this data for evidentiary purposes in order to assert, exercise, or defend potential legal claims as well as for a transitional period of three years from the close of the year in which you provided the data to us, and in the event of any legal disputes until their conclusion. We also store this data to the extent that there are legal, particularly commercial and tax-related, retention obligations. Depending on the type of documents, commercial and tax-related retention obligations may exist for six or ten years (§ 147 of the German Tax Code (AO), § 257 of the German Commercial Code (HGB).
c. Job applicants
What information is collected?
All of the information you provide as a job applicant is recorded and processed by the company Nachtmann GmbH, Zacharias-Frank-Str. 7, 92660 Neustadt a. d. Waldnaab/Germany.
When you apply for a job at our company you will be asked to provide certain personal information (name, address, e-mail). In addition, questions specific to the position may be asked. When applying for a job at our company it is also essential for you to include your professional history.
Please be aware that your data is not stored anonymously; it is accessible to the human resources department and any other departments or persons relevant to the position.
Job applicant information
When applying for a job, you attest that the information you provide is true and accurate to the best of your knowledge. Please be aware that any false statements or omissions can be a reason for rejection or a later dismissal.
We seek the best candidates irrespective of race, ethnicity, gender, religion, ideology, disability, age, or sexual identity. We do not require any information from you that is not usable, as defined by the German General Nondiscrimination Law (AGG). Please do not forward to us any confidential internal information or even trade secrets from your former or current employer. Please also do not make any unnecessary statements about: illnesses, pregnancy, ethnicity, political views, philosophical or religious convictions, membership in a trade union, physical or mental health, sex life, slanderous or libelous information, or any information that is unrelated to the employment profile.
Who processes the data?
The data we collect is processed exclusively within the corporate group or by contractually bound service providers. Personal data will be forwarded only for specific purposes within the framework of order processing, in accordance with data-protection regulations, to entities that e.g. manage our servers or perform certain services. These entities are located in Germany and EU countries and are obliged through contractual agreements and data-protection directives to handle personal data in a way that complies with data-protection requirements.
The data and files transmitted by you will be processed and used exclusively for the purpose of processing your application. To the extent that your application is successful, the data and files that you provide may be further processed and used in an employment relationship by our client for employment purposes. To the extent that the application for a job opening is not successful and you have, during uploading, provided your consent to store the data, we will store the transmitted data and files in a database of applicants for six months in order to enable later answering of questions about the application. At the end of six months, the data and files will be deleted. The application may be retracted at any time. Retraction of the application will result in your data and files being immediately deleted from the applicant database with the limitations specified below. Additionally, you may, within the framework of the application, request that individual pieces of data and individual files transmitted by you be deleted. However, we retain the right to store, for a limited period of three months, a limited number of your data in order to comply with legal stipulations, particularly obligations to produce supporting documents resulting from the German General Nondiscrimination Law (AGG).
With whom do we share your personal data?
The information that you provide to us will be handled in a confidential manner and will be forwarded only to persons who are engaged in a specific application process. Your personal data will be forwarded to other clients outside our company only with your separate, explicit authorization.
Access rights, processing, and deletion of your professional history
You have, of course, the ability to at any time request deletion of your data and documents. To do this, use our contact form or write an e-mail to us at firstname.lastname@example.org.
Please understand that changing or deletion of data during an ongoing application process and for a period of approximately three months after conclusion of an application process is not possible for legal reasons.
d. Other services
In some cases we require your name and address as well as additional information in order to be able to offer you the requested service.
The same applies in the event that we provide you at your request with informational material or if we respond to your inquiry. We will advise you of this in these cases.
When you use one of our services, we normally only collect the data necessary to be able to offer you our service. We may ask you for additional information, but this is of a voluntary nature. Whenever we process personal data, we do this in order to be able offer your our service or to pursue our commercial objectives.
3. DISCLOSURE OF DATA
Your personal data are not transferred to third parties for any purposes other than those listed below.
We only pass on your personal data to third parties if:
- you have given your express consent to this in accordance with point (a) of Article 6 paragraph 1 sentence 1 GDPR,
- disclosure in accordance with point (f) of Article 6 paragraph 1 sentence 1 GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have any overriding interest in your data not being disclosed which is worthy of protection,
- disclosure in accordance with point (c) of Article 6 paragraph 1 sentence 1 GDPR os required by law, and
- this is permitted by law and required by point (b) of Article 6 paragraph 1 sentence 1 GDPR for the performance of contractual relationships with you.
a. Payment Service Providers
When selecting the payment type “Klarna purchase on invoice” or (if offered) “Klarna installment purchase”, the invoice will be processed by Klarna AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to facilitate payment, your personal data (first and last names, street address, postal code, city, gender, e-mail address, telephone number, and IP address) as well as data associated with the order (e.g. invoice amount, items, type of delivery) will be forwarded to Klarna for verification of identity and creditworthiness, assuming that you provided explicit consent of this during the ordering process in accordance with Art. 6 Paragraph 1 lit. a of the German General Data Protection Regulation (DSGVO). The information bureaus to which your data will be forwarded can be viewed here: http://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The creditworthiness information may contain probability values (known as score values). To the extent that score values are included in the creditworthiness result, they will be based on a scientifically recognized statistical method. Address data flows, among other things but not exclusively, into the calculation of the score values. Klarna uses the obtained information about statistical probability of a payment default to make a balanced decision on the foundation, performance, or termination of a contractual relationship.
You can retract your consent at any time with a message to the persons responsible for data processing or to Klarna. However, Klarna may still be authorized to process your personal data to the extent that this is necessary for contract-compliant payment processing.
Your personal data will be handled in compliance with the applicable data protection regulations and in accordance with the statements in Klarna's data protection stipulations for parties based in Germany http://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy or Austria https://www.klarna.com/at/datenschutz/, respectively.
When the “SOFORT” payment type is selected, payment will be processed through the SOFORT GmbH payment service provider, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SOFORT”), to whom we forward the information you provide during the ordering process in addition to the information about your order in compliance with Art. 6, Paragraph 1 lit b of DSGVO. Sofort GmbH is part of Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is forwarded exclusively for the purpose of payment processing with service provider SOFORT and only to the extent that it is necessary for this purpose. Additional information on data protection stipulations may be obtained from SOFORT under the following internet address: https://www.klarna.com/sofort/datenschutz
In order to process our purchase price claim arising from your purchase by invoice, we reserve the right to assign the claim to the Targo Commercial Finance AG for factoring purposes. We will transmit your required personal data (e.g. name, address, invoice data) to the Targo Commercial Finance AG, Heinrich-von-Brentano-Straße 2, 55130 Mainz.
c. Commercial credit insurance
If you enter into a continuing obligation with us, we will also reserve the right to use the service of the commercial credit insurance provided by the Euler Hermes Deutschland AG. In this context, the Euler Hermes Deutschland AG will carry out a credit assessment. We will transmit the personal data required for your credit assessment (e.g. name, address, registration number) to the Euler Hermes Deutschland branch of the Euler Hermes SA, Friedensallee 254, 22763 Hamburg. The result of the credit assessment will be used exclusively for the purpose of making decisions related to the conclusion and the amount of a commercial credit insurance. The recipient may use the data forwarded in this manner only for the completion of his task. Another use of the information is not permitted.
The transmission and processing of your data for factoring purposes and/or the credit assessment is necessary in order to protect our legitimate interests (Art. 6 sec. 1 lit. f DS-GVO).
d. Integration of the Trusted Shops Trustbadge
In order to display our Trusted Shops seal of approval and the collected reviews, where applicable, as well as to offer Trusted Shops products to buyers following an order, the Trusted Shops trust badge has been incorporated into this website.
This is done to protect our legitimate interests in the optimised marketing of our offers based on the balancing of interests by ensuring the safety of your purchase according to Article 6 (1) f GDPR. The trust badge and the associated advertised services are offered by the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Köln, Germany. The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. The Trusted Shops GmbH uses also service provider from the USA. An adequate level of data protection is guaranteed. Further information to the data security of the Trusted Shops GmbH can be found here: https://www.trustedshops.co.uk/imprint/
When the Trustbadge is called up, the web server automatically saves a server log file which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security problems. The log files will be automatically overwritten no later than seven days after your visit.
Other personal data are transmitted to Trusted Shops only if you decide to use Trusted Shops products after an order is completed or if you have already registered for their use. In this case, the contractual agreement between you and Trusted Shops will apply. For this purpose personal data is automatically collected from the order data. Whether or not you are already registered as a Trusted Shops customer is automatically checked by means of a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted to this hash value, which cannot be decrypted by Trusted Shops before it is transmitted. After checking for a match, the parameter is deleted automatically.
When you visit our websites, we store information on your computer in the form of cookies. Cookies are small files sent from an internet server to your browser and stored on your hard disk. Information is stored in the cookie which is generated in each case in connection with the end device specifically used. This does not, however, mean that we as a result receive any direct knowledge of your identity.
Cookies on the one hand serve to make our offer easier for you to use. We use session cookies for example to detect that you have already visited individual pages of our website. These are automatically deleted when you leave our website. We also use temporary cookies to optimize user-friendliness which are stored on your end device for a specifically determined period of time. If you visit our website again in order to use our services, it is automatically detected that you have already visited us and which entries you have made and settings you have chosen so that you do not have to enter these again.
The data processed via cookies or required for the specified purposes in order to safeguard our legitimate interests and those of third parties in accordance with point (f) of Article 6 paragraph 1 sentence 1 GDPR.
5. ANALYSIS TOOLS
The tracking measures listed below which are used by us are carried out on the basis of point (f) of Article 6 paragraph 1 sentence 1 GDPR. By using these tracking measures we want to ensure that our website is designed in line with your user preferences and can be optimised continuously. We also use the tracking measures to statistically record the use of our website and for the purpose of optimizing our offer for you. These interests are to be considered legitimate within the meaning of the regulation specified above.
The individual data processing purposes and data categories are specified under the relevant tracking tools.
a. Use of Google Analytics with anonymisation function
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, text file that are stored on your computer and allow your use of the website to be analysed. The information generated by the cookie about your use of the website are normally sent to a Google server in the USA and stored there. If IP anonymisation has been activated on this website, your IP address will, however, within Member States of the European Union or states that are party to the Agreement of the European Economic Area be shortened beforehand by Google. Only in exceptional cases will the IP address sent to a Google server in the USA and stored there. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activities and to provide additional services associated with website and internet use to the website operator. The IP address sent by your browser within the scope of Google Analytics will not be combined with other Google data. You can prevent the storage of these cookies by configuring your browser software settings accordingly; we would, however, advise you that in this case you may not be able to use all website functions fully. You can also prevent the data generated by the cookie and data relating to your use of the website being collected (including your IP address) and sent to Google and the processing of these data by Google by downloading and installing the browser plug-in available at the following link: (https://tools.google.com/dlpage/gaoptout).
You can also prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie will be set that prevent your data being collected when you visit this website in future: deactivate Google Analytics.
We also use Google Analytics to analyse data from AdWords and the DoubleClick cookie for statistical purposes. If you do not want this to take place, you can deactivate this via the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=de).
If you've agreed that Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalize ads, Google will use your information in conjunction with Google Analytics data to create cross-device remarketing audience lists. Google Analytics first collects your Google-authenticated ID, which is associated with your Google Account (i.e., personally identifiable information), on our website. Google Analytics will then temporarily associate your ID with your Google Analytics data in order to optimize our target audiences. If you don't agree, you can opt out by setting your preferences in the "My Account" section of your Google Account.
b. Google Tag Manager
This website uses Google Tag Manager. The tool ensures the other tags are triggered which on their part may collection data. Google Tag Manager does not access these data. It there has been deactivation at cookie or domain level, this continues to exist for all tracking tags implemented with Google Tag Manager. Google’s privacy information regarding this tool can be found here: https://www.google.de/tagmanager/use-policy.html
c. Use of the Facebook Custom Audiences Pixel
We use "Custom Audiences Pixel" from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") to present interest-based advertisements to visitors to our website during their visit to Facebook. For this purpose, we have implemented a pixel of Facebook on our website, which establishes a direct connection to the Facebook servers when you visit our website. Information is sent to the Facebook server that you have visited our website and Facebook is assigning this information to your personal Facebook user account. For more information about Facebook's collection and use of the data and your rights and options for ensuring your privacy in this respect, please see the data protection information issued by Facebook at https://www.facebook.com/about/privacy/.
If you wish to reject the connection described above with Facebook, you can do so by clicking on this link: deactivate Facebook tracking
6. SOCIAL MEDIA PLUG-INS
a. Use of Twitter plug-ins
Social plug-ins (“plug-ins”) of the microblogging service Twitter, which is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”), are used on our website. The plug-ins are marked with a Twitter logo, for example in form of a blue “Twitter bird”. An overview of the Twitter plug-ins and what they look like can be found here: https://about.twitter.com/resources/buttons
If you access a page of our website that contains such a plug-in, your browser connects directly to the servers of Twitter. The content of the plug-in is sent directly to your browser by Twitter and embedded in the website. By embedding this plug-in, Twitter receives the information that your browser has accessed the relevant page of our website, even if you do not have a Twitter account or are not currently logged on to Twitter. This information (including your IP address) is sent by your browser directly to a Twitter server in the USA and stored there.
If you are logged on to Twitter, Twitter can directly relate the visit to our website to your Twitter account. If you interact with the plug-ins, for example by clicking on the “tweet” button, the relevant information is likewise sent directly to a Twitter server and stored there. The information is also published on your Twitter account and shown to your followers there.
If you do not want Twitter to relate the data collected via our website directly to your Twitter account, you have to log off from Twitter before visiting our website. You can also completely prevent the Twitter plug-in from loading with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
b. Use of Facebook Social plug-ins
Social Plugins (“plug-ins”) of the social network Facebook that are operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) are used on our website. The plug-ins are marked with a Facebook logo or the information “social plug-in of Facebook” or “Facebook social plug-in”. An overview of the Facebook plug-ins and what they look like can be found here: https://developers.facebook.com/docs/plugins
If you access a page of our website that contains such a plug-in, your browser connects directly to the servers of Facebook. The content of the plug-in is sent directly to your browser by Facebook and embedded in the website. By embedding this plug-in, Facebook receives the information that your browser has accessed the relevant page of our website, even if you do not have a Facebook account or are not currently logged on to Facebook. This information (including your IP address) is sent by your browser directly to a Facebook server in the USA and stored there.
If you do not want Facebook to relate the data collected via our website directly to your Facebook profile account, you have to log off from Facebook before visiting our website. You can also completely prevent the Facebook plug-in from loading with add-ons for your browser, e.g. with the “Facebook Blocker” (http://webgraph.com/resources/facebookblocker/).
7. USE OF YOUTUBE IN PRIVACY-ENHANCED MODE
8. USE OF DATA FOR E-MAIL MARKETING MEASURES
Use of data for e-mail marketing with newsletter subscription and your right to object
When we receive your e-mail address in connection with sale of a product or services and you have not objected, we reserve the right to send you offers by e-mail on a regular basis for products from our product range similar to those you have already bought. The legal basis for this is Sec. 7 (3) of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb – UWG).
You can object to the use of your e-mail address at any time by sending a message to the e-mail address below or by using the link provided for this in the marketing e-mail, without any costs being incurred for this other than the transmission cost according to the basic rates.
Data use when you subscribe to the e-mail newsletter
If you subscribe to our newsletter, we use the data required for this is provided separately by you to send you our e-mail newsletter on a regular basis. You can unsubscribe from the newsletter at any time by sending a message to the e-mail address below or using the link provided for this in the newsletter.
During your website visit we use the widespread SSL process (Secure Socket Layer) in connection with the highest encryption level supported by your browser. This is normally 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether an individual page of our website is transmitted in encrypted form can be seen with the closed key or lock icon in your browser’s status bar.
We have also taken technical and organizational security measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and any service providers who work for us are obliged to comply with all applicable data protection legislation. Our security measures are subject to a continuous improvement process and our privacy policies are constantly revised. Please ensure that you have the most up-to-date version.
10. RIGHTS OF DATA SUBJECTS
You have the right:
- in accordance with Article 15 GDPR to obtain information about the personal data processed by us;
- in accordance with Article 16 GDPR DSGVO to obtain without undue delay the rectification or completion of your personal data stored by us;
- in accordance with Article 17 GDPR to obtain the erasure of the personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression or information, for compliance with a legal obligation, for reasons of public interest or for the establishment exercise or defense of legal claims. If we have made your personal data public, we are obliged, taking account of available technology and the technical possibilities, to inform controllers which are processing the personal data that the you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data;
- in accordance with Article 18 GDPR to obtain the restriction of the processing of your personal data if you contest the accuracy of the personal data, the processing is unlawful, but you oppose their erasure and we no longer require the data, but you require these for the establishment, exercise or defense of legal claims or you have objected to their processing in accordance with Article 21 GDPR;
- in accordance with Article 20 GDPR to receive your personal data in a structure, commonly used and machine-readable format or have such transmitted to another controller;;
- in accordance with Article 7 paragraph 3 GDPR to withdraw your consent given to us at any time. This means that we may no longer continue the data processing based on this consent in future, and
- in accordance with Article 77 GDPR to complain to a supervisory authority. You can usually contact the supervisory authority at your normal place of residence or your workplace or where we are headquartered for this.
11. RIGHT TO OBJECT
If your personal data are processed on the basis of legitimate interests in accordance with point (f) of Article 6 paragraph 1 sentence 1 GDPR, you have the right in accordance with Article 21 GDPR to object to the processing of your personal data if grounds for this relating to your particular situation exist or the objection is to direct marketing. In the latter case you have a general right to object, which is implemented by us without any particular situation being specified.
Sending an appropriate e-mail to email@example.com is sufficient if you wish to exercise your right to withdraw consent or your right to object.
13. COOKIE CONSENT
According to the law, we can store cookies on your device if they are absolutely necessary for the operation of this site. We need your permission for all other types of cookies. This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.
You can change or withdraw your consent from the cookie declaration on our website at any time.
Your consent applies to the following domains: www.shop-spiegelau.de.